PIGA-Virt: an advanced distributed MAC protection of virtual systems

Authors: J. Briffaut, E. Lefebvre, J. Rouzaud-Cornabas, C. Toinard

DOI: 10.1007/978-3-642-29740-3_47

Keywords: Hypervisor, Distributed computing, Computer network, Mandatory access control, Covert channel, Virtual machine, Computer science, Control (management), Cloud computing

Abstract: Efficient Mandatory Access Control of Virtual Machines remains an open problem for protecting efficiently Cloud Systems. For example, the MAC protection must allow some information flows between two virtual machines while preventing other those machines. solving these problems, environment guarantee in-depth in order to control that starts a Machine (vm) and finishes another one. In contrast with existing approaches, PIGA-Virt is controlling different levels system. It eases management required security objectives. The approach guarantees objectives flows. supports large range predefined canvas whose efficiency has been demonstrated during ANR Sec&Si challenge. paper shows how advanced confidentiality integrity properties by complex combinations transitive passing through intermediate resources. As far as we know, first operational solution providing protection, addressing requirements inside Moreover, independent underlying hypervisor. Performances scenarios are given KVM
